TypicalAM / Yarilo

Wireless Network Traffic Decrypter & Packet Analyzer
https://yarilo.piaseczny.dev

Yarilo

Yarilo is an offensive security tool and packet sniffer designed for capturing and decrypting encrypted wireless network traffic. This project can analyze and interpret packets on WPA2-protected networks with support for more coming soon. It can aid in network security assessments and understanding of wireless communication protocols.

Capabilities:

The project consists of two components:

Release

This section covers running the release version of Yarilo. We strongly encourage running the sniffer through Docker because of the issues that arise while compiling gRPC by hand (it takes a lot of time on smaller devices).

Sniffer

You can use typicalam/yarilo:latest as the base Docker image. This project has two modes: file mode and interface mode. File mode runs the sniffer and analyzer on file recordings to decrypt existing data. Interface mode allows Yarilo to take in a NIC (network interface card) and use it to sniff network traffic captured by the card. You can also provide a directory (shared volume) in which to save the decrypted data. An example Docker Compose deployment file achieving this is available at docker-compose.srv.yml. To run it, execute the following command in the repo root:

docker compose -f docker-compose.srv.yml up -d

Development

What about running this thing locally?

Sniffer

Run in the backend directory ($MY_GRPC_INSTALL_DIR should be your grpc install dir):

Prepare definitions:

protoc -I ../protos --cpp_out=src/proto --grpc_out=src/proto --plugin=protoc-gen-grpc=`which grpc_cpp_plugin` ../protos/service.proto

Compile and run:

cmake -DCMAKE_PREFIX_PATH=$MY_GRPC_INSTALL_DIR -G Ninja -B build .
ninja -C build
./build/yarilo --help

C++ reference documentation is built alongside the project if -DYARILO_BUILD_DOCS=ON is specified (requires Doxygen). Open the build/doc_doxygen/html/index.html file in a browser to view it. Optionally, for protobuf definitions to also be included in the docs, run the following before building (requires Go):

go install github.com/pseudomuto/protoc-gen-doc/cmd/protoc-gen-doc@latest
protoc -I../protos --doc_opt=markdown,proto.md --doc_out=docs ../protos/service.proto

Client

To run the client, enter the frontend directory and run:

npm install
npm run proto:gen
npm run dev

If your sniffer isn't running in docker you should also run envoy like so: envoy -c backend/envoy.yaml.